Date: Dec 08 2008

Let me just start off by saying that anyone with a RIM BlackBerry should throw it up against the wall when it comes to Exchange account support. I was a long-time Verizon customer and bought the new BlackBerry Storm to try out and it was absolutely the worst. Returned it 12 days later and switched to the iPhone. I am not going to get off on a “My iPhone is better” rant, but I do want to post this for people who may be in the same situation. Bottom line: true OTA Exchange account support with BlackBerry Snap on for Exchange will cost you about $2,999 for 1 user; iPhone native Exchange support for unlimited users is $0. In this article I will explain what it takes to get Exchange set up.

Overview of Configuration

Configure IIS & Exchange for RPC over HTTP/S

Self Sign secure certificate (optional for SSL support)

NAT/Firewall Configuration (if needed)

Setup your account on your iPhone

Prerequisite Software

IIS (6.0 used in this tutorial)

Exchange 2007 w/ Service Pack 1

iPhone 2.1 or greater software

INSTALL RPC over HTTP/S on Server

On the Exchange Server 2003 computer that is running Windows Server 2003, click Start, point to Control Panel, and then click Add or Remove Programs.

Click to select the RPC over HTTP Proxy check box, click OK, and then click Next. Note that you must have either the Windows Server 2003 installation CD ready, or the i386 folder from that CD accessible while installing this component.

Expand servername (local computer), expand Web Sites, expand Default Web Site, right-click Rpc, and then click Properties. Note: Windows Server 2003 Service Pack 1 (SP1) adds a new virtual directory called RpcWithCert. This virtual directory points to the same location as the Rpc virtual directory. You do NOT need to modify this virtual directory.

Click the Directory Security tab, and then click Edit under Authentication and access control.

Click to clear the Enable anonymous access check box.

Click to select the Basic authentication (password is sent in clear text) check box.

You receive the following message: The authentication option you have selected results in passwords being transmitted over the network without data encryption. Someone attempting to compromise your system security could use a protocol analyzer to examine user passwords during the authentication process. For more detail on user authentication, consult the online help. This warning does not apply to HTTPS (or SSL) connections. Are you sure you want to continue?

Click Yes.

I recommend entering the domain name in the Default Domain box (you can press Select to browse to the domain name).

Click OK.

When finished, click Apply, and then click OK.

Configure RPC SSL in Internet Information Services

The RPC virtual directory is now configured to use basic authentication. As stated in the Recommendations section of this article, you must configure SSL on your RPC Proxy server (i.e. on your single server). To enable SSL on the RPC virtual directory you must obtain and publish a certificate or use the self-signed method I will describe below. If you just want to access Exchange without SSL (port 80), you can skip the next two sections, but as the IIS warning above states, Basic authentication then sends passwords over the network without encryption.
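A check for the non-SSL case described above, as an added example that is not part of the original article: it scans an IIS W3C extended log for authenticated requests to the Rpc virtual directory that arrived on a non-SSL port, which with Basic authentication means the password crossed the network unencrypted. The sample log lines, addresses and user names are constructed, and the script assumes the log's #Fields line includes the fields shown.

```python
"""Added example: find logons to the Rpc virtual directory made without SSL."""

# Constructed sample in IIS W3C extended log format (not from a real server).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2008-12-08 14:00:00
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2008-12-08 14:00:01 192.0.2.10 RPC_IN_DATA /rpc/rpcproxy.dll - 80 - 198.51.100.7 MSRPC 401
2008-12-08 14:00:02 192.0.2.10 RPC_IN_DATA /rpc/rpcproxy.dll - 80 EXAMPLE\\alice 198.51.100.7 MSRPC 200
2008-12-08 14:05:10 192.0.2.10 RPC_OUT_DATA /rpc/rpcproxy.dll - 443 EXAMPLE\\bob 203.0.113.9 MSRPC 200
2008-12-08 14:06:30 192.0.2.10 GET /iisstart.htm - 80 - 203.0.113.9 Mozilla/4.0 200
"""


def parse_w3c(text):
    """Yield one dict per log entry, keyed by the most recent #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed lines
                yield dict(zip(fields, values))


def cleartext_logons(text, vdir="/rpc/", ssl_ports=("443",)):
    """Return (date, time, user, client IP) for authenticated requests off SSL.

    A cs-username other than "-" means credentials were presented; on a
    directory set to Basic authentication they were sent base64-encoded,
    not encrypted, unless the request came in on an SSL port.
    """
    hits = []
    for entry in parse_w3c(text):
        stem = entry.get("cs-uri-stem", "").lower()
        user = entry.get("cs-username", "-")
        if stem.startswith(vdir) and entry.get("s-port") not in ssl_ports and user != "-":
            hits.append((entry.get("date"), entry.get("time"), user, entry.get("c-ip")))
    return hits


if __name__ == "__main__":
    for hit in cleartext_logons(SAMPLE_LOG):
        print("password sent without SSL:", *hit)
```

Any account the check reports should have its password changed once SSL is required on the virtual directory.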

To configure the RPC virtual directory to require SSL for all client-side connections, follow these steps:

In Internet Information Services (IIS) Manager, expand Web Sites, expand Default Web Site, right-click Rpc, and then click Properties (the same place you were in the previous step).

Click the Directory Security tab, and then click Edit under Secure communications.

Next we want to provide either a signed SSL certificate or a self-signed certificate (iPhone works with both). I did not feel the need to pay for a cert so I just did a self-signed one. I will describe the steps I took here.

After downloading and executing this kit, make sure you either choose Complete installation option or if you choose Custom installation option, make sure you have selected the SelfSSL feature. See below step by step screen shots for the Custom installation option.

Click on Start > All Programs > IIS Resources > SelfSSL > SelfSSL to run the SelfSSL utility. On doing so, you should see the command prompt along with help instructions (see below screen shot).

Type selfssl.exe and press Enter. It uses the default settings to install the SSL certificate, which are equivalent to:

/N:CN=<YOUR COMPUTER NAME> (common name of the certificate)
/K:1024 (key length of the certificate)
/V:7 (validity of the certificate in days)
/S:1 (ID of the site to which the certificate needs to be installed)
/P:443 (SSL port)

Press Enter, then type y and press Enter again to confirm the installation.
The most important option here is the site ID parameter; SelfSSL uses site ID 1 by default, which maps to “Default Web Site”. Note that with the default /V:7 the certificate expires after 7 days, so pass a larger /V value (for example /V:365) if it should stay valid longer.

Port Parameters in the Registry

Instead of manually editing the registry, I used a small utility that will allow you to perform all the required registry changes by pressing a couple of buttons. The tool is called RPCNoFrontEnd.

On the next screen, enter your complete email address, domain, username, password, and a description (which may be anything you like). Ask your Exchange server administrator if you are unsure of the domain. If you are unable to view your folder list, or unable to send or receive email, leave the domain field blank.

Your iPhone (or iPod touch) will now try to locate your Exchange server using Microsoft’s Autodiscover service. If the server cannot be located, the screen below is shown. Enter your front-end Exchange server’s complete address in the Server field. Contact your Exchange server administrator if you are unsure of the address.

Your iPhone will try to create a secure (SSL) connection to your Exchange server. If you did not set up SSL, it will try a non-SSL connection. To override the SSL setting, go into Settings, then Mail, Contacts, Calendars, select your Exchange account, tap Account Info, then toggle the Use SSL slider.

After successfully making a connection to the Exchange server, you may be prompted to change your device passcode to match whatever policies may have been set on your server.

Choose which type(s) of data you would like to synchronize: Mail, Contacts, and Calendars. Note that by default, only 3 days’ worth of email is synchronized. To synchronize more, go into Settings, then Mail, Contacts, Calendars, select your Exchange account, and tap on Mail days to sync.

Note that after configuring an Exchange ActiveSync account, all existing contact and calendar information on the iPhone or iPod touch is overwritten. One exchange account is permitted. Additionally, iTunes no longer syncs contacts and calendars with your desktop computer. You can still sync your iPhone wirelessly with MobileMe services.

14 Comments to “Configure Exchange 2003 & Apple iPhone”

Bottom line true OTA exchange account support with Blackberry Snap on for Exchange will cost you about $2,999 for 1 user

-Your info is not accurate. BES is available for free then you purchase $100 CALs per BlackBerry. Any BlackBerry PIN will allow you to download your FREE copy. You cannot even compare and contrast BES’s power over ActiveSync. Try doing Exchange migrations with Windows\iPhones in the picture. Try wiping data off a stolen or lost iPhone remotely. With ActiveSync you can send a wipe command but the user has to approve it and the person in possession of the phone continues to enjoy all the data from the last sync.

You cannot just purchase 1 license and have it work with the free-trial snap on. I spoke with them directly. RIM said I had to purchase “BlackBerry Enterprise Server Software v4.1, Service Pack 6 for Microsoft Exchange
Includes 1 user license” which cost $2,999 USD.

As for the wipe aspect, change the person’s password and contacts/calendar are wiped. The only thing left behind is emails. That is a downside, I’ll give you that. But not worth the $2,999 IMHO.

You can download the BlackBerry Professional Server; it is free and the only requirement is a valid PIN, and your phone needs a BES data plan (not BIS). Each additional license will cost $95, with a limit of 30 (then you need to purchase the BlackBerry Enterprise Server). If you properly follow the detailed installation instructions and get the permissions correct it works fine. I work for a technology company and set up BlackBerry servers, Good Link servers (for Treos), Exchange servers (integrating iPhones with ActiveSync) and they all work well and have their pluses and minuses. The RIM rep information is correct for the plugin, but our customers don’t blink twice at spending $2999. The SMB accounts usually just use the free download. One issue with BlackBerry is support isn’t good at all and the software can break with some Microsoft updates. I like the iPhone 2.0, works well.

“Try wiping data off a stolen or lost iPhone remotely. With ActiveSync you can send a wipe command but the user has to approve it and the person in possession of the phone continues to enjoy all the data from the last sync.”

This is not accurate. Sending a wipe and clear from exchange to the iPhone does not require the user to “approve” it. The command is executed without user intervention and completely wipes the phone data and takes it to a restore state that requires the unit to be reconnected to iTunes to reinstall the base software on the unit. ALL USER DATA IS DELETED.

The BlackBerry works better with Exchange… You do not have to have a BES for BlackBerry to work with Exchange. I have never had a problem setting up a BlackBerry for Exchange. I can’t say the same for the iPhone.

I have users with BlackBerrys and iPhones, both connecting to Exchange server running on SBS 2008.
The BlackBerrys are a disaster (Pearl and Storm), yet the iPhones are very reliable, folder sync is good.
Being a PC man, I initially baulked at the iPhones, but they DO work with Exchange 2007, and as someone mentioned in an email, BlackBerrys do seem to get corrupted programs and stop communicating with the Exchange server when MS send out updates.
The telephone support for BlackBerrys is abysmal: “you have lost your contact list, and cannot backup the data as the programs are corrupt, so you will have to wipe the device, to see if it works again” is not the answer you want to hear when it is the MD’s phone.

Great post, but it is Exchange 2003 on Server 2003. I am having a problem with Exchange 2007 on Server 2008. The problem is that when I set up the iPhone it requires a passcode. We can get e-mail from the Exchange server but now we have to enter the passcode every time the iPhone is unlocked. Is there a way to stop this from happening?